For all its management and security shortcomings, the National Security Agency remains the world’s most important spy service. Its signals intelligence reach is truly global, and its highly classified SIGINT, year in and year out, accounts for something like 80 percent of the actionable intelligence in our Intelligence Community. NSA, which recently celebrated its 65th birthday, remains the backbone of Western security, our top-secret shield against spies and terrorists.
No small part of that success can be attributed to NSA’s effective leveraging of foreign partnerships. Its spy links with the Anglosphere date to World War II and are termed Five Eyes (for the USA, Australia, Canada, New Zealand, and the United Kingdom). Inside NSA, this alliance is called Second Party. This partnership is so close that it’s best to view the Five Eyes SIGINT arrangement as really one integrated espionage effort that covers the globe.
However, those are hardly NSA’s only foreign partnerships. The agency enjoys intelligence-sharing links with spy services all over the world. Some of these relationships, termed Third Party inside the SIGINT system, date to NSA’s founding in 1952, and all are shrouded in strict secrecy. They are seldom mentioned in the media, as some of these top-secret links are highly sensitive politically.
However, one of the agency’s Third Party partnerships has just burst into the public eye in an unprecedented manner that profoundly shifts the debate about Russian shenanigans against our politics in 2016 and the election of President Donald Trump. Yesterday, the Dutch daily de Volkskrant published a detailed account of the secret spy-games conducted by Western intelligence against Kremlin hackers in the lead-up to our presidential election. Based on insider accounts in both the United States and the Netherlands, the article rings true to anyone who’s acquainted with how NSA Third Party relationships function.
The essential storyline is relatively straightforward—and shocking. In the summer of 2014, hackers working for the 300-person Joint SIGINT Cyber Unit, staffed by the Dutch internal security service or AIVD and the Dutch military’s foreign intelligence service or MIVD, managed to crack into Cozy Bear. Known as APT29 in spy circles, since 2010 the shadowy Cozy Bear has pillaged countless Western governments and businesses with its aggressive hacking. The JSCU’s covert infiltration of Cozy Bear’s headquarters in downtown Moscow represented a stunning intelligence coup.
The Dutch hackers saw everything inside Cozy Bear, which they quickly assessed was a front for Russia’s Foreign Intelligence Service or SVR. They monitored not just Cozy Bear activities in real time, they even watched their goings-on by getting control of cameras inside their offices. What JSCU witnessed was damning for Moscow. In November 2014, they observed Cozy Bear operatives hack into the computer networks of the U.S. State Department.
The Americans had to be informed, and Dutch spies quickly contacted the NSA’s representative in The Hague. Third Party ties went into immediate action. What followed, as SVR hackers went after the State Department, was explained by de Volkskrant:
The Russians are extremely aggressive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the enemy with enormous speed. The Dutch intel is so crucial that the NSA opens a direct line with Zoetermeer [AIVD headquarters], to get the information to the United States as soon as possible.
Close NSA-JSCU collaboration after the State Department hack enabled an ongoing look at how the SVR launched cyber-raid after cyber-raid on American institutions in 2014 and after. Washington was so grateful they sent cake and flowers to their Dutch partners. However, this top-secret look at Cozy Bear activities means that Western intelligence had a clear, real-time window into what Kremlin hackers were up to, for instance, when they stole the emails of the Democratic National Committee in the spring of 2016. Those were the very same emails that did so much damage to the presidential candidacy of Hillary Clinton when WikiLeaks posted them online a few months later.
NSA used Dutch intelligence to get even deeper access to what SVR officials were up to in their SpyWar against America. As de Volkskrant stated:
In late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks.
This means that top-secret Washington possessed a detailed understanding of Kremlin hacks of our country as they happened. Why the Obama administration did so little to counter these nefarious activities—a troubling question that has lingered as the extent of Russian espionage against our 2016 election has come into clearer focus—now must be answered if we hope to avert future Kremlin hacks of our democracy.
President Barack Obama’s lethargy about admitting—much less confronting—Russian espionage and propaganda is a matter of record. Why the Obama White House shut down the State Department’s tiny effort to counter weaponized Kremlin lies in late 2015 has never been properly explained. Now, Congress should ask why the previous administration did so little to defend our democracy from Russian espionage and subversion—an inaction that did grave damage to Obama’s own party.
Of late, Obama’s defenders have started to address this knotty issue. This week, former Vice President Joe Biden explained that it’s all the Republicans’ fault by stating that, a couple months before the 2016 election, Mitch McConnell, the top Republican in the Senate, stonewalled White House efforts to craft a bipartisan response to Russian hacking. That unquestionably merits investigation to determine whether McConnell’s motivation was personal or partisan.
However, that does nothing to explain why the Obama administration did little if anything for two years before the 2016 election, despite possessing detailed intelligence about the secret Kremlin effort to attack our democracy. That fateful failure lies exclusively with the executive branch and demands explanation. With each passing day, the Obama administration’s non-response to Vladimir Putin’s SpyWar against America looks increasingly like the run-up to the 9/11 attacks, when repeated intelligence warnings were ignored by policymakers who hewed to wishful thinking right until disaster struck. Congress needs to find out what went wrong here so it never happens again.
We owe the Dutch deep gratitude for their outstanding intelligence work against Cozy Bear. This is payback of sorts for the 193 Dutch citizens who were murdered by the Kremlin in late July 2014, when Malaysian Airlines Flight 17 was blasted out of the sky over eastern Ukraine by a Russian missile. Moreover, the JSCU-NSA collaboration against Cozy Bear demonstrates the impressive capabilities of Western intelligence against even the hardest targets.
Dutch secret access to Cozy Bear was lost when the SVR conducted a cyber-upgrade, as is routine in the world of espionage, but not before the shocking extent of Russian online dirty tricks was revealed to Western intelligence. Dutch spies aren’t entirely happy with Washington, however, feeling that American intelligence has spoken too freely about JSCU successes—which can imperil future spy operations. Moreover, Dutch intelligence has doubts about President Donald Trump, fearing his ties to the Kremlin, and these days they are reluctant to share their most valuable secrets with the Americans.
Dutch spies are hardly alone there. Over the past year, several of our close intelligence partners abroad have withheld classified information from Washington out of fears it might travel from the White House to Moscow. Trump should be concerned by the de Volkskrant report too, particularly its mention of NSA access to the mobile phones of senior SVR officials. My friends still in the spy trade tell me that program continued into 2016 and included intercepts that are highly troubling regarding the Trump campaign and its secret ties to Moscow. Eventually that, too, will probably be leaked to the media, just as this remarkable Dutch espionage success was this week.
John Schindler is a security expert and former National Security Agency analyst and counterintelligence officer. Read his full bio here.